git.ipfire.org Git - thirdparty/krb5.git/commit

author	Greg Hudson <ghudson@mit.edu>
	Mon, 5 Oct 2020 16:01:32 +0000 (12:01 -0400)
committer	Greg Hudson <ghudson@mit.edu>
	Thu, 29 Oct 2020 18:18:41 +0000 (14:18 -0400)
commit	3b163eed1cf1f55dd4a7bc6d6fffc34f55695b00
tree	1bbe6b44e6e78c7c973950fd123f2681e8269221	tree
parent	6dbf0b755bb1d8254c881cf21717441cc2e880b8	commit \| diff

Move more KDC checks to validate_tgs_request()

Move the following validity checks:

* the INVALID ticket flag check from kdc_process_tgs_req()
* the lineage check from process_tgs_req()
* the user-to-user second ticket client check from process_tgs_req()
* all S4U2Self validity checks from kdc_process_s4u2self_req()
* S4U2Proxy validity checks (but not KDB authorization checks) from
  kdc_process_s4u2proxy_req()

In process_tgs_req(), call validate_tgs_request() after
kdc_process_s4u2self_req() and decrypt_2ndtkt() so that their outputs
can be used as validation inputs.  Add stkt and is_crossrealm locals
for convenience, and remove st_idx.

There are some minor behavior changes:

* For invalid S4U2Self request options, the status string is changed
  from "INVALID AS OPTIONS" to "INVALID S4U2SELF OPTIONS".

* For a header ticket with the INVALID flag, the reply code is changed
  to KRB_AP_ERR_TKT_NYV (as specified in RFC 4120) and the status
  string to "TICKET NOT VALID".

* For a lineage check failure, the explicit KDC log is removed, and
  the status string is changed to "INVALID LINEAGE".

* For a user-to-user second ticket client mismatch, the explicit audit
  call is removed, and the log message does not include the second
  ticket client.

* e_data returned from the KDB check_policy_as() method will be
  included in the error for S4U2Self requests.

ticket: 8953 (new)

src/kdc/do_tgs_req.c		diff \| blob \| blame \| history
src/kdc/kdc_util.c		diff \| blob \| blame \| history
src/kdc/kdc_util.h		diff \| blob \| blame \| history
src/kdc/tgs_policy.c		diff \| blob \| blame \| history